CVE-2018-20300

N/A

Beschreibung

Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht12/20/2018

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

phome:empirecms

Schwachen (CWE)

CWE-94

Referenzen

http://p0desta.com/2018/12/19/empirecms%E6%9C%80%E6%96%B0%E7%89%88%E5%90%8E%E5%8F%B0%E5%A4%9A%E5%A4%84getshell/(cve@mitre.org)

http://p0desta.com/2018/12/19/empirecms%E6%9C%80%E6%96%B0%E7%89%88%E5%90%8E%E5%8F%B0%E5%A4%9A%E5%A4%84getshell/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.